full deployment of initiator lambda

unity-sds · May 24, 2024 · bf007fd · bf007fd
1 parent 202b4b6
commit bf007fd
Show file tree

Hide file tree

Showing 14 changed files with 298 additions and 80 deletions.
diff --git a/scripts/build_lambda_package.sh b/scripts/build_lambda_package.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+BASE_PATH=$(dirname "${BASH_SOURCE}")
+BASE_PATH=$(cd "${BASE_PATH}/.."; pwd)
+DIST_DIR=${BASE_PATH}/dist
+PKG_DIR=${DIST_DIR}/lambda_packages
+TEST_DIR=${BASE_PATH}/tests
+
+set -ex
+
+rm -rf $DIST_DIR
+pip install hatch
+hatch clean
+hatch build
+VERSION=$(hatch run python -c 'from importlib.metadata import version; print(version("unity_initiator"))')
+echo "{\"version\": \"$VERSION\"}" > ${DIST_DIR}/version.json
+mkdir -p $PKG_DIR
+pip install -t $PKG_DIR ${DIST_DIR}/unity_initiator-*.whl
+cd $PKG_DIR
+zip -rq ${DIST_DIR}/unity_initiator-${VERSION}-lambda.zip .
diff --git a/scripts/build_mock_lambda_package.sh b/scripts/build_mock_lambda_package.sh
@@ -12,6 +12,7 @@ pip install hatch
 hatch clean
 hatch build
 VERSION=$(hatch run python -c 'from importlib.metadata import version; print(version("unity_initiator"))')
+echo "{\"version\": \"$VERSION\"}" > ${DIST_DIR}/version.json
 mkdir -p $PKG_DIR
 pip install -t $PKG_DIR ${DIST_DIR}/unity_initiator-*.whl
 cp ${TEST_DIR}/test_lambda.py $PKG_DIR/lambda_function.py

diff --git a/terraform-unity/initiator/.terraform.lock.hcl b/terraform-unity/initiator/.terraform.lock.hcl
diff --git a/terraform-unity/initiator/README.md b/terraform-unity/initiator/README.md
@@ -7,13 +7,16 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.4.6 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >=5.50.0 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >=2.5.1 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | >=3.2.2 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.50.0 |
+| <a name="provider_local"></a> [local](#provider\_local) | 2.5.1 |
+| <a name="provider_null"></a> [null](#provider\_null) | 3.2.2 |
 
 ## Modules
 
@@ -28,20 +31,22 @@ No modules.
 | [aws_iam_role_policy_attachment.lambda_base_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.lambda_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_lambda_function.initiator_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
-| [aws_security_group.initiator_lambda_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_ssm_parameter.initiator_lambda_function_name](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
+| [null_resource.build_lambda_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [null_resource.upload_lambda_package](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [aws_iam_policy.mcp_operator_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
-| [aws_ssm_parameter.subnet_list](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
-| [aws_ssm_parameter.vpc_id](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
+| [local_file.version](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_code_bucket"></a> [code\_bucket](#input\_code\_bucket) | The S3 bucket where lambda zip files will be stored and accessed | `string` | n/a | yes |
+| <a name="input_config_bucket"></a> [config\_bucket](#input\_config\_bucket) | The S3 bucket where router configuration files will be stored and accessed | `string` | n/a | yes |
 | <a name="input_deployment_name"></a> [deployment\_name](#input\_deployment\_name) | The deployment name | `string` | n/a | yes |
-| <a name="input_project"></a> [project](#input\_project) | The unity project its installed into | `string` | `"UnknownProject"` | no |
+| <a name="input_project"></a> [project](#input\_project) | The unity project its installed into | `string` | `"uod"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags | `map(string)` | n/a | yes |
-| <a name="input_venue"></a> [venue](#input\_venue) | The unity venue its installed into | `string` | `"UnknownVenue"` | no |
+| <a name="input_venue"></a> [venue](#input\_venue) | The unity venue its installed into | `string` | `"dev"` | no |
 
 ## Outputs
 

diff --git a/terraform-unity/initiator/data.tf b/terraform-unity/initiator/data.tf
@@ -0,0 +1,8 @@
+data "aws_iam_policy" "mcp_operator_policy" {
+  name = "mcp-tenantOperator-AMI-APIG"
+}
+
+data "local_file" "version" {
+  filename   = "${path.module}/../../dist/version.json"
+  depends_on = [null_resource.build_lambda_package]
+}
diff --git a/terraform-unity/initiator/main.tf b/terraform-unity/initiator/main.tf
@@ -1,51 +1,41 @@
-resource "aws_lambda_function" "initiator_lambda" {
-  function_name = "${var.deployment_name}-inititator"
-
-  filename = "${path.module}/lambda.zip"
-  handler  = "lambda.lambda_handler"
-  runtime  = "python3.11"
-  role     = aws_iam_role.initiator_lambda_iam_role.arn
-
-  environment {
-    variables = {
-      ROUTER_CFG_URL = "s3://test_bucket/test_router.yaml"
-    }
+resource "null_resource" "build_lambda_package" {
+  triggers = { always_run = timestamp() }
+  provisioner "local-exec" {
+    command = <<EOF
+      set -ex
+      docker run --rm -v ${path.module}/../..:/var/task mlupin/docker-lambda:python3.9-build ./scripts/build_lambda_package.sh
+    EOF
   }
+}
 
-  vpc_config {
-    subnet_ids         = local.subnet_ids
-    security_group_ids = [aws_security_group.initiator_lambda_sg.id]
+resource "null_resource" "upload_lambda_package" {
+  depends_on = [null_resource.build_lambda_package]
+  provisioner "local-exec" {
+    command = <<EOF
+      set -ex
+      aws s3 cp ${path.module}/../../dist/unity_initiator-${jsondecode(data.local_file.version.content).version}-lambda.zip s3://${var.code_bucket}/
+    EOF
   }
-  tags = var.tags
 }
 
-resource "aws_security_group" "initiator_lambda_sg" {
-  name        = "${var.deployment_name}-initiator_lambda_sg"
-  description = "Security group for the initiator lambda service"
-  vpc_id      = data.aws_ssm_parameter.vpc_id.value
-
-  // Inbound rules
-  // Example: Allow HTTP and HTTPS
-  // ingress {
-  //   from_port   = 2049
-  //   to_port     = 2049
-  //   protocol    = "tcp"
-  //   cidr_blocks = ["0.0.0.0/0"]
-  // }
-
-  // Outbound rules
-  // Example: Allow all outbound traffic
-  // egress {
-  //   from_port   = 0
-  //   to_port     = 0
-  //   protocol    = "-1"
-  //   cidr_blocks = ["0.0.0.0/0"]
-  // }
+resource "aws_lambda_function" "initiator_lambda" {
+  depends_on    = [null_resource.upload_lambda_package] #, null_resource.upload_router_config]
+  function_name = "${var.project}-${var.venue}-${var.deployment_name}-inititator"
+  s3_bucket     = var.code_bucket
+  s3_key        = "unity_initiator-${jsondecode(data.local_file.version.content).version}-lambda.zip"
+  handler       = "unity_initiator.cloud.lambda_handler.lambda_handler_initiator"
+  runtime       = "python3.11"
+  role          = aws_iam_role.initiator_lambda_iam_role.arn
+  timeout       = 600
 
+  environment {
+    variables = {
+      ROUTER_CFG_URL = "s3://${var.config_bucket}/test_router.yaml"
+    }
+  }
   tags = var.tags
 }
 
-
 resource "aws_iam_role" "initiator_lambda_iam_role" {
   name = "${var.deployment_name}-initiator_lambda_iam_role"
 
@@ -88,29 +78,18 @@ resource "aws_iam_policy" "initiator_lambda_policy" {
 
 }
 
-resource "aws_iam_role_policy_attachment" "lambda_base_policy_attachment" {
+resource "aws_iam_role_policy_attachment" "lambda_policy_attachment" {
   role       = aws_iam_role.initiator_lambda_iam_role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+  policy_arn = aws_iam_policy.initiator_lambda_policy.arn
 }
 
-resource "aws_iam_role_policy_attachment" "lambda_policy_attachment" {
+resource "aws_iam_role_policy_attachment" "lambda_base_policy_attachment" {
   role       = aws_iam_role.initiator_lambda_iam_role.name
-  policy_arn = aws_iam_policy.initiator_lambda_policy.arn
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
 }
 
 resource "aws_ssm_parameter" "initiator_lambda_function_name" {
   name  = "/unity/${var.project}/${var.venue}/od/initiator/lambda-name"
   type  = "String"
   value = aws_lambda_function.initiator_lambda.function_name
-}
-
-
-output "lambda_function_arn" {
-  description = "The ARN of the Lambda function"
-  value       = aws_lambda_function.initiator_lambda.arn
-}
-
-output "lambda_function_name" {
-  description = "The name of the Lambda function"
-  value       = aws_lambda_function.initiator_lambda.function_name
-}
+}
diff --git a/terraform-unity/initiator/output.tf b/terraform-unity/initiator/output.tf
@@ -0,0 +1,9 @@
+output "lambda_function_arn" {
+  description = "The ARN of the Lambda function"
+  value       = aws_lambda_function.initiator_lambda.arn
+}
+
+output "lambda_function_name" {
+  description = "The name of the Lambda function"
+  value       = aws_lambda_function.initiator_lambda.function_name
+}
diff --git a/terraform-unity/initiator/terraform.tf b/terraform-unity/initiator/terraform.tf
diff --git a/terraform-unity/initiator/variables.tf b/terraform-unity/initiator/variables.tf
@@ -11,11 +11,21 @@ variable "deployment_name" {
 variable "project" {
   description = "The unity project its installed into"
   type        = string
-  default     = "UnknownProject"
+  default     = "uod"
 }
 
 variable "venue" {
   description = "The unity venue its installed into"
   type        = string
-  default     = "UnknownVenue"
+  default     = "dev"
+}
+
+variable "code_bucket" {
+  description = "The S3 bucket where lambda zip files will be stored and accessed"
+  type        = string
+}
+
+variable "config_bucket" {
+  description = "The S3 bucket where router configuration files will be stored and accessed"
+  type        = string
 }
diff --git a/terraform-unity/initiator/versions.tf b/terraform-unity/initiator/versions.tf
@@ -6,6 +6,10 @@ terraform {
       source  = "hashicorp/aws"
       version = ">=5.50.0"
     }
+    local = {
+      source  = "hashicorp/local"
+      version = ">=2.5.1"
+    }
     null = {
       source  = "hashicorp/null"
       version = ">=3.2.2"

diff --git a/terraform-unity/test/.terraform.lock.hcl b/terraform-unity/test/.terraform.lock.hcl
diff --git a/terraform-unity/test/README.md b/terraform-unity/test/README.md
@@ -0,0 +1,40 @@
+# test
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.4.6 |
+| <a name="requirement_archive"></a> [archive](#requirement\_archive) | >=2.4.2 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >=5.50.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >=3.2.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_archive"></a> [archive](#provider\_archive) | 2.4.2 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.50.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role.lambda_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_lambda_function.test_lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
+| [archive_file.test_lambda_artifact](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
+| [aws_iam_policy.mcp_operator_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->